fix: derive SamlConfig from SAMLOptions (#515)

* refactor: reorder SAMLOptions types to compare with SamlConfig

* fix: expand types from SAMLOptions

* fix: derive SamlConfig from SAMLOptions

src/passport-saml/saml-post-signing.ts

@@ -1,6 +1,6 @@
 import { SignedXml } from 'xml-crypto';
 import * as algorithms from './algorithms';
-import { SAMLOptions } from './saml';
+import { SAMLOptions } from './types';
 
 const authnRequestXPath = '/*[local-name(.)="AuthnRequest" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:protocol"]';
 const issuerXPath = '/*[local-name(.)="Issuer" and namespace-uri(.)="urn:oasis:names:tc:SAML:2.0:assertion"]';

src/passport-saml/saml.ts

@@ -24,6 +24,7 @@ import { AudienceRestrictionXML,
          LogoutRequestXML,
          Profile,
          RequestWithUser,
+         SAMLOptions,
          SamlIDPListConfig,
          SamlIDPEntryConfig,
          SamlScopingConfig,
@@ -101,45 +102,6 @@ function callBackWithNameID(nameid: Node, callback: (err: Error | null, value: N
   });
 }
 
-export interface SAMLOptions {
-  scoping: SamlScopingConfig;
-  xmlSignatureTransforms: string[];
-  digestAlgorithm: string;
-  providerName: string;
-  attributeConsumingServiceIndex: string | null;
-  RACComparison: string;
-  authnContext: string | string[];
-  disableRequestedAuthnContext: boolean;
-  disableRequestACSUrl: boolean;
-  acceptedClockSkewMs: number;
-  protocol: string;
-  host: string;
-  callbackUrl: string;
-  signatureAlgorithm: string;
-  path: string;
-  privateCert?: string;
-  privateKey: string;
-  logoutUrl: string;
-  entryPoint: string;
-  skipRequestCompression: boolean;
-  idpIssuer: string;
-  additionalParams: Record<string, string>;
-  additionalAuthorizeParams: Record<string, string>;
-  additionalLogoutParams: Record<string, string>;
-  cacheProvider: InMemoryCacheProvider;
-  issuer: string;
-  identifierFormat: string;
-  cert: string | string[] | CertCallback;
-  passive: boolean;
-  decryptionPvk: string;
-  logoutCallbackUrl: string;
-  validateInResponseTo: boolean;
-  requestIdExpirationPeriodMs: number;
-  audience: string;
-  forceAuthn: boolean;
-}
-
-
 class SAML {
   options: SAMLOptions;
   cacheProvider: InMemoryCacheProvider;

src/passport-saml/types.ts

@@ -12,50 +12,60 @@ export interface AuthorizeOptions extends AuthenticateOptions {
   samlFallback?: 'login-request' | 'logout-request';
 }
 
-export interface SamlConfig {
+export interface SAMLOptions {
     // Core
-    callbackUrl?: string;
-    path?: string;
-    protocol?: string;
-    host?: string;
-    entryPoint?: string;
-    issuer?: string;
+    callbackUrl: string;
+    path: string;
+    protocol: string;
+    host: string;
+    entryPoint: string;
+    issuer: string;
+    /** @deprecated use privateKey field instead */
     privateCert?: string;
-    cert?: string | string[] | CertCallback;
-    decryptionPvk?: string;
-    signatureAlgorithm?: 'sha1' | 'sha256' | 'sha512';
+    privateKey: string;
+    cert: string | string[] | CertCallback;
+    decryptionPvk: string;
+    signatureAlgorithm: 'sha1' | 'sha256' | 'sha512';
 
     // Additional SAML behaviors
-    additionalParams?: any;
-    additionalAuthorizeParams?: any;
-    identifierFormat?: string;
-    acceptedClockSkewMs?: number;
-    attributeConsumingServiceIndex?: string | null;
-    disableRequestedAuthnContext?: boolean;
-    authnContext?: string;
-    forceAuthn?: boolean;
-    skipRequestCompression?: boolean;
-    authnRequestBinding?: string;
-    RACComparison?: 'exact' | 'minimum' | 'maximum' | 'better';
-    providerName?: string;
-    passive?: boolean;
-    idpIssuer?: string;
-    audience?: string;
-    scoping? : SamlScopingConfig;
+    additionalParams: Record<string, string>;
+    additionalAuthorizeParams: Record<string, string>;
+    identifierFormat: string;
+    acceptedClockSkewMs: number;
+    attributeConsumingServiceIndex: string | null;
+    disableRequestedAuthnContext: boolean;
+    authnContext: string | string[];
+    forceAuthn: boolean;
+    skipRequestCompression: boolean;
+    RACComparison: 'exact' | 'minimum' | 'maximum' | 'better';
+    providerName: string;
+    passive: boolean;
+    idpIssuer: string;
+    audience: string;
+    scoping : SamlScopingConfig;
 
     // InResponseTo Validation
-    validateInResponseTo?: boolean;
-    requestIdExpirationPeriodMs?: number;
-    cacheProvider?: CacheProvider;
+    validateInResponseTo: boolean;
+    requestIdExpirationPeriodMs: number;
+    cacheProvider: CacheProvider;
+
+    // Logout
+    logoutUrl: string;
+    additionalLogoutParams: Record<string, string>;
+    logoutCallbackUrl: string;
+
+    // extras
+    xmlSignatureTransforms: string[];
+    digestAlgorithm: string;
+    disableRequestACSUrl: boolean;
+}
 
-    // Passport
+export type SamlConfig = Partial<SAMLOptions> & StrategyOptions
+
+interface StrategyOptions {
     name?: string;
     passReqToCallback?: boolean;
-
-    // Logout
-    logoutUrl?: string;
-    additionalLogoutParams?: any;
-    logoutCallbackUrl?: string;
+    authnRequestBinding?: string;
 }
 
 export interface SamlScopingConfig {